Role Description As part of the Application Security team, you’ll focus on reducing risk at scale by building the security infrastructure, automation, and tooling that empowers engineers to ship secure products with confidence. We work closely with engineering and product teams throughout the software development lifecycle (SDLC), embedding secure-by-default practices and delivering scalable solutions. Application Security Engineers create impact by designing and implementing security tooling, writing custom security rules, and building frameworks that address broad classes of vulnerabilities. In addition to proactive development, we support teams through design consultations, threat modeling, documentation, and education to uplift security culture across Dropbox. Our Engineering Career Framework is viewable by anyone outside the company and describes what’s expected for our engineers at each of our career levels. Check out our blog post on this topic and more here. Responsibilities Build and maintain security tools, automation, and libraries to enable secure-by-default development across engineering teams.Design and implement custom security rules (e.g., Semgrep, CodeQL) to detect and prevent common and emerging vulnerability patterns.Act as a subject matter expert on application security across web, mobile, and desktop environments.Conduct security consultations and threat modeling sessions, and clearly communicate risk and mitigation strategies to technical and non-technical stakeholders.Improve and scale the Secure Development Lifecycle (SDLC) by integrating tools, checks, and processes into engineering workflows.Perform targeted code and design reviews, and develop follow-up tooling or controls to prevent regressions.Collaborate cross-functionally with engineering, product, GRC, and AI/ML teams to proactively address security risks, especially in fast-moving and emerging tech areas. On-call work may be necessary occasionally to help address bugs, outages, or other operational issues, with the goal of maintaining a stable and high-quality experience for our customers. Requirements 3+ years of experience in application security or security engineering roles.Hands-on experience building or using security automation tools to improve developer workflows and product security.Demonstrated ability to work across the SDLC, including supporting and interpreting findings from penetration tests and bug bounty reports.Familiarity with modern tech stacks, including microservices, CI/CD pipelines, and cloud-native environments.Solid understanding of common vulnerability classes (e.g., injection, XSS, authN/authZ issues) and practical mitigation strategies.Comfortable working in cross-functional environments and supporting multiple product and engineering teamssimultaneously.Experience participating in or supporting incident response or security on-call rotations is a plus Preferred Qualifications Experience in application security engineering, with a strong focus on security tooling and automation.Demonstrated ability to write and maintain custom security rules and integrate them into developer workflows.Experience with machine learning systems, particularly generative AI, and the ability to support secure development in AI-driven products.Experience developing internal libraries or frameworks that reduce or eliminate entire classes of vulnerabilities.Proficient in software development, with experience contributing production-level code in one or more modern languages.Familiarity with securing diverse application types, including web, mobile, and native platforms.Experience with data security, including tooling for data protection, access control, and encryption.Strong communication skills and ability to build trusted partnerships with cross-functional teams. Company Description Dropbox isn’t just a workplace—it’s a living lab for more enlightened ways of working. We're a global community of bold visionaries and resourceful doers who are shaping the future of Dropbox—and with it the future of work. Our Virtual First model combines the autonomy of a distributed workplace with the power of human connection, making space for both meaningful work and meaningful relationships. With our start-up mindset and enterprise-level opportunities, you can be who you are and grow into who you’re meant to be. Here, you can own your impact to make work more intuitive, joyful, and human—for you as a Dropboxer and for hundreds of millions of people worldwide. If you're ready to push boundaries—and yourself— Dropbox is ready for you. Team Description The Dropbox Engineering Team builds the technology that creates more enlightened ways of working for hundreds of millions of people. Every day, our platforms—including Dropbox Dash, Dropbox Sign, and our core sync engine—handle over a billion files for users worldwide, creating engineering challenges as great as the opportunity for impact. Our software engineering team uses a range of technologies to solve interesting problems, including Python, React, Node.js, JavaScript, MongoDB, PostgreSQL, and Android development. We think like a startup but build for an enterprise, exploring new possibilities that transform how people work. If you're excited about turning complex technical challenges into intuitive solutions at scale, join our Engineering team. Areas of work include Machine Learning Engineers, Infrastructure Engineer, Product SWE Frontend and Backend, Mobile Software Engineers (iOS and Android), Engineering Manager, Data Engineer, Software Development Engineer in Test, Security Engineering, Site Reliability Engineer, Technical Program Managers, Network Engineer, Datacenter Engineer, Technical Supply Chain Manager and more. Benefits Dropbox is committed to investing in the holistic health and wellbeing of all Dropboxers and their families. Our benefits and perks programs include, but are not limited to:  Medical, Dental & Vision allowance* Retirement, Critical Illness, Life & Income Protection allowance* Business Travel Protection: Travel medical and accident insurance Flexible PTO/Paid Time Off policy in addition to statutory holidays, allowing you time to unplug, unwind, and refresh Perks Allowance to be used on what matters most to you, whether that’s wellness, learning and development, food & groceries, and much more Parental benefits including: Parental Leave, Fertility Benefits, Adoptions and Surrogacy support, and Lactation support Mental health and wellness benefits Additional benefits details are available upon request. *Where group plans are not available, allowances may be provided Dropbox supports responsible use of AI for preparation, but misrepresentation of skills or experience is not permitted. See our AI philosophy. Dropbox is an equal opportunity employer. We are a welcoming place for everyone, and we do our best to make sure all people feel supported and connected at work. A big part of that effort is our support for members and allies of internal groups like Asians at Dropbox, BlackDropboxers, enABLE, TODOS (Latinx), Pridebox (LGBTQ), Vets at Dropbox, and Women at Dropbox.